author | Arthur Schiwon <blizzz@owncloud.com> | 2012-08-29 20:07:32 +0400 |
---|---|---|
committer | Arthur Schiwon <blizzz@owncloud.com> | 2012-08-29 20:07:32 +0400 |
commit | b11203537e1030639f6edf231f01b801b363599d (patch) | |
tree | 63da513a18a95349a399e9e7a70a8ff71efa1f37 /apps | |
parent | a79175330eb73ec328d4c34e163559afa9f14ca2 (diff) |
LDAP: check for existing username from other backends when creating one for an LDAP user or group. Fixes oc-1551 in stable4. Also optimizes groupExists() function as side effect.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/user_ldap/group_ldap.php | 14 | ||||
-rw-r--r-- | apps/user_ldap/lib_ldap.php | 41 |
2 files changed, 31 insertions, 24 deletions
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index a3117b5a41e..f97955b139c 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -201,6 +201,18 @@ class OC_GROUP_LDAP extends OC_Group_Backend {
  * @return bool
  */
 public function groupExists($gid){
- return in_array($gid, $this->getGroups());
+ //getting dn, if false the group does not exist. If dn, it may be mapped only, requires more checking.
+ $dn = OC_LDAP::groupname2dn($gid);
+ if(!$dn) {
+ return false;
+ }
+
+ //if user really still exists, we will be able to read his cn
+ $exists = OC_LDAP::readAttribute($dn, 'objectclass');
+ if(!$exists || empty($exists)) {
+ return false;
+ }
+
+ return true;
 }
 }
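Review bot: The comment above the readAttribute() call in groupExists talks about a user and "his cn", but the code reads the `objectclass` attribute of a group DN; it should read `//if the group really still exists in LDAP, we will be able to read its objectclass`. The guard `if(!$exists || empty($exists))` is redundant because false and an empty array are both already falsy, so `if(!$exists) {` expresses the same check. If readAttribute() also returns false on a connection or search error (not visible here), a transient LDAP failure is reported as "group does not exist", which matters now that lib_ldap uses groupExists() to decide whether a name is free; worth confirming whether that error case should be distinguished from a genuinely missing entry.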
\ No newline at end of file
diff --git a/apps/user_ldap/lib_ldap.php b/apps/user_ldap/lib_ldap.php
index 731283c67e8..7f7d4032d6f 100644
--- a/apps/user_ldap/lib_ldap.php
+++ b/apps/user_ldap/lib_ldap.php
@@ -132,20 +132,7 @@ class OC_LDAP {
 $dn = self::ocname2dn($name, true);
 if($dn) {
 return $dn;
- } else {
- //fallback: user is not mapped
- self::init();
- $filter = self::combineFilterWithAnd(array(
- self::$ldapUserFilter,
- self::$ldapUserDisplayName . '=' . $name,
- ));
- $result = self::searchUsers($filter, 'dn');
- if(isset($result[0]['dn'])) {
- self::mapUser($result[0], $name);
- return $result[0];
- }
 }
- return false;
 }
@@ -224,14 +211,18 @@ class OC_LDAP {
 $ldapname = self::sanitizeUsername($ldapname);
 //a new user/group! Then let's try to add it. We're shooting into the blue with the user/group name, assuming that in most cases there will not be a conflict. Otherwise an error will occur and we will continue with our second shot.
- if(self::mapComponent($dn, $ldapname, $isUser)) {
- return $ldapname;
+ if(($isUser && !\OCP\User::userExists($ldapname)) || (!$isUser && !\OC_Group::groupExists($ldapname))) {
+ if(self::mapComponent($dn, $ldapname, $isUser)) {
+ return $ldapname;
+ }
 }
 //doh! There is a conflict. We need to distinguish between users/groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this object is located.
 $oc_name = self::alternateOwnCloudName($ldapname, $dn);
- if(self::mapComponent($dn, $oc_name, $isUser)) {
- return $oc_name;
+ if(($isUser && !\OCP\User::userExists($oc_name)) || (!$isUser && !\OC_Group::groupExists($oc_name))) {
+ if(self::mapComponent($dn, $oc_name, $isUser)) {
+ return $oc_name;
+ }
 }
 //if everything else did not help..
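Review bot: With the `return false;` line removed, the function falls off its end when ocname2dn() yields no DN and now returns null instead of false; any caller comparing strictly (`=== false`) no longer detects the miss, and the function's docblock (before this hunk) presumably still promises a boolean on failure. Keep `return false;` after the `if($dn)` block so the contract is unchanged. The function's signature starts before this hunk. Dropping the display-name fallback search for unmapped users is a behaviour change the commit message does not mention; a sentence there, or a comment at the remaining `if($dn)` such as `//only mapped names resolve here; unmapped LDAP entries are mapped when they are first listed or logged in`, should be confirmed against the callers and added.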
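Review bot: The existence test `($isUser && !\OCP\User::userExists($x)) || (!$isUser && !\OC_Group::groupExists($x))` is now spelled out four times, twice in this hunk and twice in the hunk at -287,16; a private helper such as `private static function ocNameTaken($name, $isUser) { return $isUser ? \OCP\User::userExists($name) : \OC_Group::groupExists($name); }` keeps the cross-backend lookup in one place and lets each site read `if(!self::ocNameTaken($ldapname, $isUser) && self::mapComponent($dn, $ldapname, $isUser))`. The check and the mapComponent() insert are not atomic, so two concurrent requests can both see a name as free; the inner if still falls through to the alternate name when mapComponent() fails, which is the right behaviour and deserves a comment saying that the existence check is an optimisation, not the guarantee. The sentence "Otherwise an error will occur and we will continue with our second shot" in the comment above the first check is now stale, since the conflict is detected before mapping rather than by a failed insert. The enclosing function begins before this hunk.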
@@ -287,16 +278,20 @@ class OC_LDAP {
 //a new group! Then let's try to add it. We're shooting into the blue with the group name, assuming that in most cases there will not be a conflict. But first make sure, that the display name contains only allowed characters.
 $ocname = self::sanitizeUsername($ldapObject[$nameAttribute]);
- if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
- $ownCloudNames[] = $ocname;
- continue;
+ if(($isUsers && !\OCP\User::userExists($ocname)) || (!$isUsers && !\OC_Group::groupExists($ocname))) {
+ if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
+ $ownCloudNames[] = $ocname;
+ continue;
+ }
 }
 //doh! There is a conflict. We need to distinguish between groups. Adding indexes is an idea, but not much of a help for the user. The DN is ugly, but for now the only reasonable way. But we transform it to a readable format and remove the first part to only give the path where this entry is located.
 $ocname = self::alternateOwnCloudName($ocname, $ldapObject['dn']);
- if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
- $ownCloudNames[] = $ocname;
- continue;
+ if(($isUsers && !\OCP\User::userExists($ocname)) || (!$isUsers && !\OC_Group::groupExists($ocname))) {
+ if(self::mapComponent($ldapObject['dn'], $ocname, $isUsers)) {
+ $ownCloudNames[] = $ocname;
+ continue;
+ }
 }
 //if everything else did not help..